I've noticed that sometimes Facebook shows a fake 'you've got a message' icon to try and trick you into installing their messenger app.
To reproduce this behaviour: (this works best if you don't get a lot of Facebook messages. Also you need a phone with no Facebook apps installed)
- On your desktop PC, use Facebook to send a message to someone
- Then switch to your phone, using Facebook in the browser
- After about an hour, the little speech bubble message icon at the top will go red, showing you've got a message
- If you click on this from a phone browser, it redirects you to install messenger. (normally, phone-browser Facebook doesn't do messenger features)
- Instead of that, switch on 'request desktop site' (not sure what iOS calls this option) to make your phone display the desktop version of Facebook. And then you can (usually) read your messages in the browser
- But you will find that there is no new message, and the new message icon will no longer be lit up.
I've had this happen five or six times now - supposedly new messages have arrived but when you look there are none. It always happens about an hour after sending a message. I'm pretty convinced it's deliberate behaviour on the phone browser version of Facebook to get you to install their messenger app.
Just went on it. On a browser you have to enable desktop mode for login to show.
Also if you log in this way and disable desktop mode it forces you out. If you re-enable it, it renders the chat. There's no reason the chat wouldn't work on mobile; desktop mode isn't using a different browser, just lying to the web server and frontend JS.
Amazing. I already rarely use Facebook as it is. I might just outright stop since they are dying to infest your phone so badly.
I've been bitten by it too much. It's typically the auto-complete feature of mobile keyboards that fails. Something that you don't always see in emulators.
I assumed it was just some shitty dark pattern, that (enough) people are Pavlov-ing at unread notifications to pad their usage metrics nicely, because someone thought, "Let's poke people's brains to make the graphs look better!" or something. I mean, it is Facebook.
So then, why do they do it? I think it's because Facebook is made up of many separate teams that are trying to get ahead of each other. Some team did this and had really positive short term numbers and that got them all promoted, and then they hope nobody is able to attribute the long term loss to their team. This is Facebook creating fake engagement to scam itself.
And, of course, it's an engagement thing probably, too.
I've actually uninstalled the fb app because it was more buggy than using the mobile site.
It seems that notification doesn't get cleared for a while in the mobile site. Since the messenger app does notify of new messages and the notification does get cleared (on the app) once you read it, something is not right on the backend.
It also strikes me as suboptimal even as a "dark pattern": Clicking on conversations when you have the app open already, and not seeing new messages you expect, is frustrating without any conceivable payoff for Facebook. The pattern mentioned above–the app icon showing activity, which gets you to open the app–seems far more plausible.
I've recently noticed on my SO's phone that Messenger counts them as "unread messages", and the only way to clear them is to a) send that greeting, or b) clear them from a desktop.
In other words, they're getting pretty desperate to drive the engagements up, and this is something that probably wasn't implemented in third-party clients.
Note that this is different than a "message" on a mobile browser. Last time I've checked (admittedly, quite some time ago), there was one "message" that never gets cleared, regardless of what you do.
The net effect is that I uninstalled all of their apps and only use https://mbasic.facebook.com/ a few times a month
2014. And still not fixed. Either flux/react does not automatically fix the problem, or the fix never made it to the app. Or dark patterns.
Sometimes I wonder what 1,000 programmers do all day
And there's so much more.
It's probably a bug. I use the FB apps on Android and Chrome on Win/Mac, and sometimes the notification thing goes out of sync and is stuck on "1" for a few days, and nothing seems to help. Then eventually it goes away. I'm 99.99% sure this is some cache/consistency bug and not a trick. It's super annoying when it happens to me.
I think we must be at the point where it's arguably irresponsible journalism for The Information to broadcast a claim like that from Facebook without immediately pointing out the occasions in the past when identical claims about data collection have turned out to be barefaced lies. Not every reader is going to have that context when reading the article, and they need to be equipped with the appropriate skepticism.
I'm not saying we need to dredge up the 90s any time Microsoft speaks publicly about open source. But the Facebook thing is an ongoing issue, and it hasn't been that long since their absolute worst abusive behavior, and there's been no change in management since then. I think it's reasonable that any quote from Facebook denying privacy abuses should be positively dripping with disclaimers.
(By the way, I'm loving the articles from The Information when they hit HN. Quality content.)
I am struggling to recall any unambiguous instances like you suggest, especially anything rising to the level of "barefaced lies". What would be the best examples?
I agree that journalists should give sufficient context about Facebook's history around data and privacy, but I also expect anyone that is subscribing to The Information doesn't need it rehashed for them.
https://www.nytimes.com/2018/12/18/technology/facebook-priva... / https://twitter.com/SenBlumenthal/status/1003643865797218304 / https://twitter.com/davidcicilline/status/100346971021689241...
Facebook's official statement when 2FA numbers started being made available for other purposes was:
> “We outline the information we receive and use for ads in our data policy, and give people control over their ads experience including custom audiences, via their ad preferences,” said a spokesperson by email. “For more information about how to manage your preferences and the type of data we use to show people ads see this post.”
They saw no reason to deny it. Any information handed to Facebook may be used for any purpose, even if it is not apparent to the user that they will exploit data given under one function for another unrelated function.
As a sibling has pointed out with several sources - this isn't new behaviour for Facebook.
That is not how I read the parent.
Facebook asked for a phone number for 2FA (purpose).
Facebook then supplied that information for ad targeting (definitely not what the user expects or agreed to).
There was nothing on the page when filling in the phone number that it might then be used for something other than 2FA. Just a general statement in their inhuman ToS that they can repurpose data.
That can very reasonably be construed that Facebook lied to the user - they weren't adequately informed. It certainly wouldn't be informed consent in most contexts.
But! If we are to take the view of whether Facebook has said one thing while actively doing another... Then the Cambridge Analytica scandal had its own moment of that.
> “Every piece of content that you share on Facebook you own,” he [Zuckerberg] testified. ”You have complete control over who sees it and how you share it.”
> Facebook’s view that the device makers are not outsiders lets the partners go even further, The Times found: They can obtain data about a user’s Facebook friends, even those who have denied Facebook permission to share information with any third parties.
So, Facebook's official position was that you control your data, and who has access to it - but they didn't view device makers as a third party, and thus any device maker could overrule a user's choice and see their data if they wished.
As to the scale of the information a device maker can access...
> After connecting to Facebook, the BlackBerry Hub app was able to retrieve detailed data on 556 of Mr. LaForgia's friends, including relationship status, religious and political leanings and events they planned to attend. Facebook has said that it cut off third parties' access to this type of information in 2015, but that it does not consider BlackBerry a third party in this case.
That just sounds like skirting the fact that they likely are collecting data.
"PushKit is the only way to do e2e encrypted messaging in iOS. If they take that away, they're disabling the ability for messaging apps to function with e2e encryption. I don't see how Apple can frame that as 'enhancing user privacy and security'?"
So it's not only about being able to answer calls quickly.
> A UNNotificationServiceExtension object provides the entry point for a Notification Service app extension, which lets you customize the content of a remote notification before it is delivered to the user. A Notification Service app extension doesn't present any UI of its own. Instead, it is launched on demand when a notification of the appropriate type is delivered to the user’s device. You use this extension to modify the notification’s content or download content related to the extension. For example, you could use the extension to decrypt an encrypted data block or to download images associated with the notification.
This could include responding to a message retry request, uploading new keys, handling receipts, etc.
The only thing I can think of is notifications maybe not being encrypted? But that seems like a bit of a stretch to say you can't do E2EE messaging.
From what I understood: with PushKit, it's possible to send a signal notification to the app. The app then fetches and decrypts new messages and generates appropriate notifications locally.
This is also possible to do with regular (silent) Push Notifications. The key difference seems to be that they are low priority and might not be delivered (thus no notification will be generated), and with PushKit it would.
So AFAIK this seems to be more a UX issue.
* I might be understanding something incorrectly.
I do not regret switching from Android to iOS (even if Siri is woefully behind in the voice assistant game)
Use two languages at once? No way! I guess they need to invent a new chip or something.
Swipe to type? Hehe.
The keyboard in itself is fast and good but it lacks features.
One of the main reasons, in addition to lack of dual-SIM, I realised switching to iOS simply wasn't worth it for me.
Having a private number for my SO, closest friends and select high-retainer-fee clients to reach me 24/7 while also having an easily discoverable public phone number for business hours increased my response time when it matters while simultaneously tuning out the noise and anxiety of being constantly connected.
Constantly opening and closing settings dialogs gets on your nerves in the long run.
I use English, Swedish accents and Russian with no issue. :s
That's finally coming in iOS 13
I use Alexa, Siri, and Google Assistant. And others don't come even close to Assistant when it comes to understanding what you mean and the context. Or even understanding what I've said.
You can ask it stuff like "What's the name of the blonde actress from that new Tarantino movie" and you will get the result (works on google.com too), then you can ask follow-up questions about her.
This also carries over into setting reminders, controlling smart home devices.
"Set a timer", "No, you know what, cancel it". It feels like talking to a person. And it sounds more like a person too.
The ONLY reason I use assistant the least of the 3, is the wake word.
'use[s] it all the time to set reminders. "Ok Google. At 2 PM next Tuesday remind me to <insert pretty much anything here>".'
I find that Siri is perfectly capable of creating reminders like this (as is Alexa), so wondered about that.
Google Assistant is definitely better about information retrieval (although, yes, the wake phrase is horrible...)
Google assistant is better with more context “give me cycling directions to work, avoid going down Lexington”
I've considered switching to an iOS device, but stuff like this keeps me away, I'm very glad I can keep direct SIP, SSH, IMAP and XMPP connections open at all hours of the day.
Signal uses the exact same PushKit VoIP API that Facebook does, by the way - check PushRegistrationManager.swift in their source. I'm not sure if they use it for text chat as well as voice, but I assume so since there's no references to the newer API they could use in their code and they still support iOS 9 which doesn't have it (as do Facebook Messenger and WhatsApp). Edit: I think it's safe to say that Signal does this, given that Moxie Marlinspike isn't aware of any other way to do it: https://twitter.com/moxie/status/1158852855291269120
(Well, they don't intentionally let apps run all the time in the background. They're quite lax about how long apps can run for in the background after being woken up in order to support voice calls, but that's not the feature messaging apps need from them.)
The intended way a VoIP application should work is using PushKit and CallKit to show a native call screen after receiving a special VoIP push notification message. Only when the user accepts will the actual application open.
"Background App Refresh" is used for silent push notifications, which should be used to download content when the application is not running. It could be used to download images in messages ahead of time, though could be abused just as well. "Background App Refresh" is not a reliable way to deliver notifications to an application since they're dropped pretty easily.
"Without this, there may be a delay in sending and receiving messages."
Background processing simply allows it to have the message ready for you by the time you open the app.
If you would use the custom notification handler you are required to show a notification, which is fine for a new message but doesn't make sense for read confirmations, "is writing" updates or all other types of information that should not pop up to the user immediately.
Of course you can work around it by using a WebSocket while the app is open and only use push notifications for new messages but obviously that's going to be less tight than the current situation.
But then again it seems that Apple would want to ensure that there’s still a good way to do end-to-end encryption, so I would guess there would be a workaround.
I doubt they would ban end to end crypto, but you are right, it is more of a locked down system.
Edit: keep reading. People explain this nicely below.
How exactly do you deliver notifications in Android? Can background apps simply listen on an open websocket or something? What exactly is your technique on Android?
WhatsApp is using VoIP iOS features to display end2end encrypted notifications in iOS. This loophole will be closed on iOS13. So either WhatsApp does not display any notifications text on iOS13 with WhatsApp or WhatsApp will remove end2end encryption for the sake of having notifications with text on iOS.
This is really alarming for privacy. Seems Apple does not care about privacy and comfort unless it's software from Apple.
I just hope WhatsApp will stay strong and never give up on end2end encryption.
Straight from Apple's documentation:
> For example, you could use the extension to decrypt an encrypted data block or to download images associated with the notification.
It might be possible for companies like Facebook to rewrite their code to use an iOS 10+ Notification Service app extension to decrypt the notifications instead, but that requires major code changes and has additional limitations.
Also, from what I can tell Facebook Messenger etc haven't had access to the old APIs which just let VoIP apps run in the background all the time since about 2016. That's not available for apps linked to the iOS 10 API and they've been using the iOS-10-only CallKit since about that time.
Perhaps, but iOS 10 is now 3 years old; Facebook has had plenty of time to make those major code changes, as opposed to continuing to use VoIP push notifications for things other than VoIP.
That's a somewhat misleading way to characterize this: VoIP apps are still going to be just fine using the VoIP API. The question is whether legacy code should preclude Apple taking steps to act on their users' behalf. Given the number of people I know who uninstalled Messenger so their phone could make it through the workday without a charge, I'm pretty sure most people will shed no tears for someone at Facebook having to do the job they are very well paid to do.
It’s not the only way, but VoIP is the most reliable way. You can accomplish the same thing with encrypted silent push notifications, that wake up the app and trigger a decrypted local notification. Problem is that silent push notifications aren’t reliable because they don’t always wake up the app (which is throttled by the OS).
Hey, I just noticed that I never responded to you directly: my objection to the comment I replied to wasn’t because it didn’t affect some end-to-end encryption apps but that Apple wasn’t acting against them because they implemented encryption. They’re going against everything using the VoIP API for non-VoIP features and there’s an official replacement API available, so the language casting it as a threat to privacy seemed unfounded.
The race to the bottom does benefit customers in terms of prices, but there are real costs in terms of the quality and trustworthiness of the products. The cheapest products are most likely to be monetising in shady ways.
I nowadays only use mbasic.facebook.com to check messages every two to four weeks, as FB is still kind of a backup contact platform for many people if everything else fails.
Hell, people randomly text their phone number neighbor. People are really just sheep.
If you want to see exactly how creepy the whole thing is going to get in the future, you just have to take a look at the transcripts from the Software Engineering Daily podcast where a group of engineers from FB were interviewed recently. The interviewer never once mentioned the word privacy in the entire interview across all the five interviews (with pretty senior FB folks who have been there for quite a while). Or for that matter, there wasn't really a single question across all the five interviews which left me thinking "Well, at least there is someone inside Facebook who disagrees at least minimally with company policies".
You can search for this in the transcripts yourself.
I know of founders who would need to think carefully about even interviewing someone with Facebook on their resume. And I totally get these concerns given the attitude Facebook has towards the privacy of users.
Good, engineers need to be accountable for their complicity.
Not much different than background checks for working in schools or whatever.
Whether or not this is a bad thing strictly depends on the politics.
We will still have VoIP Push Notifications? We personally rely on them to encrypt the notification payloads and increase privacy so our servers can’t read the plaintext of the notification. Is that now going away?
> more of a focus on privacy from the operating systems, and the impact that that can have on measurements and also on targeting.
That could have been lifted from an NSA brief. I don't think people realize just how much "targeting" really is indistinguishable from military targeting.
I thought they were just running silent audio?
Monthly – $39
Annually – $399
They've been in business for over 5 years and are now in the top 6000 sites in the U.S. For a deliberately-niche publication, they seem to be doing great.
The mainstream media in general have been overvaluing themselves for the past decades.
On another note, the reader view on iOS (Safari on iPadOS 13 public beta) shows only the first paragraph
For a while I had updated my CSS setup so that these sites would have a strike through on them and I'd go straight to the comments instead of trying to read the story.
The Information doesn't have a workaround, but they do unlock many articles for HN readers. I asked them to unlock this one and they did, so everyone who clicks on it from HN can read it now.
But it's easy to think of a random email of letters and numbers, and no further validation is required.
It'll convert well for them at least.
It's an attempt to create a high-value, investigative tech magazine. The paywall is rather strict and it seems to be aimed at the investor class, so I'm not entirely sure how well it's going because I'm not a subscriber, but I believe I've seen a few important stories that originated with them.
If it were the New York Times or some site I've heard of however, I'd happily login.